Currently, online and mobile banking provides financial institution customers the ability to make payments, transfer funds and the like via personal computers or other computing devices capable of connecting with the Internet. However, the security of such web-based transactions is at risk because the financial institution has no way to ensure the integrity and confidentiality of these transactions. This is due to the fact that the financial institutions have no means to ensure that the customer's device or system provides the necessary degree of security, irrespective of the customer being an individual customer or a business customer.
Specifically, personal computers are inherently not designed to provide the highest possible level of security. This is because the user of the personal computer demands the freedom to be able to execute any type of software, firmware or the like, regardless of the security protection provided to the software. In this regard, personal computers are configured to allow for executing both secure software and unsecure software.
Software security is imparted when the code is “signed”. When the code is signed, it is possible to determine reliably whether that code has been modified by someone other than the signer, no matter whether the modification was intentional (e.g., by a hacker or the like) or accidental (e.g., as when a file gets corrupted). In addition, by adding a code signature, the software developer can ensure that updates to a program are valid and can be treated by the system as the same program as the previous version. Thus, code signing serves three distinct purposes. First, code signing can be used to ensure the integrity of the code, i.e., that it has not been altered or tampered with. Second, code signing can identify the code as coming from a specific source, e.g., the developer. Third, code signing can determine whether the code is trustworthy for a specific purpose. To enable signed code to fulfill all of these purposes, a code signature includes a unique identifier used to identify the code and/or code categories; a seal that is a collection of checksums or hashes of the various parts of the program and is used to identify alterations to the code and to the program identifier; and a digital signature, which signs the seal to guarantee the seal's integrity and may be used to determine who signed the code and whether the signature is valid.
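The three components described above (identifier, seal, and a signature over the seal) are shown here as an added Python example that is not part of the original text. HMAC-SHA256 with a constructed key stands in for the public-key digital signature so the block runs on the standard library alone; the function names, identifier, key and sample parts are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for a public-key signature (assumption);
# a real scheme signs with a private key and verifies with the signer's certificate.
SIGNING_KEY = b"constructed-demo-key"
# Constructed sample program parts.
SAMPLE_PARTS = {"main.bin": b"\x7fELF demo code", "resources.dat": b"ui strings"}

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def sign_seal(identifier: str, seal: dict) -> str:
    # Canonical encoding binds the identifier and every per-part hash together.
    payload = json.dumps({"id": identifier, "seal": seal}, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()

def sign_code(identifier: str, parts: dict) -> dict:
    """Build the code signature: identifier, seal of hashes, signature over the seal."""
    seal = {name: digest(blob) for name, blob in parts.items()}
    return {"identifier": identifier, "seal": seal,
            "signature": sign_seal(identifier, seal)}

def verify_code(sig: dict, parts: dict) -> list:
    """Return a list of problems; an empty list means the code verifies."""
    expected = sign_seal(sig["identifier"], sig["seal"])
    # Step 1: the seal itself must be authentic before its hashes are trusted.
    if not hmac.compare_digest(expected, sig["signature"]):
        return ["signature invalid: seal or identifier was altered"]
    # Step 2: every part on disk must match its sealed hash, with none added or removed.
    problems = []
    for name in sorted(set(sig["seal"]) | set(parts)):
        if name not in parts:
            problems.append(f"missing part: {name}")
        elif name not in sig["seal"]:
            problems.append(f"unsealed part: {name}")
        elif digest(parts[name]) != sig["seal"][name]:
            problems.append(f"modified part: {name}")
    return problems

if __name__ == "__main__":
    signature = sign_code("com.example.bankapp", SAMPLE_PARTS)
    print(verify_code(signature, SAMPLE_PARTS))
    print(verify_code(signature, {**SAMPLE_PARTS, "main.bin": b"patched"}))
```

Updating a hash in the seal to match a modified part does not help, because the signature over the seal then fails in step 1.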
With unsecure software being executed on a financial institution customer's computer, hackers today can frequently exploit customers' systems to commit financial fraud, with business customers being placed at an even greater risk. Even as additional security controls are being implemented on traditional personal computers, the growing threat of malware, phishing scams and eavesdropping from hackers presents greater risks to customer transactions and financial institution-related data.
In addition to security, the current model for providing online financial services is a web-based application, which is characteristically limited in terms of the user-interface functionality it can provide, due to the fact that it must be able to accommodate a myriad of different computing devices and web-browser applications. Thus, the customer experience that can be provided via traditional online banking is limited to the generic application suited for the web.
Therefore, a need exists to develop methods, systems, computer program products and the like which provide for a secure platform for conducting financial institution transactions. The platform should provide for both individual customers and business customers to conduct financial transactions, such as personal or business payments, transfers of funds, Point-Of-Sale (POS) terminal payments and the like, in a manner that ensures higher integrity and confidentiality of the customer's transactions. Additionally, the platform should provide for greater user-interface functionality and a heightened user experience. In addition, by providing for an alternate platform for conducting online financial transactions, the customer can be afforded an alternative means for banking in the event the customer does not currently have access to a personal computer, or the personal computer is currently non-functional.